CVE-2016-3841
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
La pila IPv6 en el kernel de Linux en versiones anteriores a 4.3.3 no maneja adecuadamente datos de las opciones, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación y caída de sistema) a través de una llamada al sistema sendmsg manipulada.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-03-30 CVE Reserved
- 2016-08-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-416: Use After Free
- CWE-667: Improper Locking
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 | Release Notes | |
http://www.securityfocus.com/bid/92227 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0855.html | 2024-04-02 | |
http://rhn.redhat.com/errata/RHSA-2016-2574.html | 2024-04-02 | |
http://rhn.redhat.com/errata/RHSA-2016-2584.html | 2024-04-02 | |
http://rhn.redhat.com/errata/RHSA-2016-2695.html | 2024-04-02 | |
http://source.android.com/security/bulletin/2016-08-01.html | 2024-04-02 | |
https://access.redhat.com/security/cve/CVE-2016-3841 | 2016-11-09 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1364971 | 2016-11-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0.1 Search vendor "Google" for product "Android" and version "6.0.1" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.2.75 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.75" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.12.52 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.12.52" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.35" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.25 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.25" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.15" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.2.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.2.8" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.3 < 4.3.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 4.3.3" | - |
Affected
|